Identity & Access Management for Applications | Identity Data Services

This service offers identity data for access to non-IAM-managed systems and provides identity data reporting to organizations managing user information.

Enterprise Directory

This service is a centralized place to look up identity and access information for the KP workforce, including employees, contingent workers, and affiliates. It provides a single, read-only interface to both the current Enterprise Directory data and Active Directory data.

When to use this service

This service is available to any client that needs to read standard enterprise identity data across the entire KP workforce. It is generally available for “read-only” applications that can query a Lightweight Directory Access Protocol (LDAP) directory. Mutual agreement on transaction loads, service level agreements, and service performance requirements must be in place before integration. The client must support LDAP over Transport Layer Security (TLS). Refer any non-LDAP requests, non-workforce identity requests, or requests for sensitive information to IAM Architecture.

Getting Started

You have two ways to request this service:

Data Analytics and Reporting

This service collects, stores, manages, and governs the use of identity and access data to enable business processes, provide advanced analytics and reporting, enable monitoring, and reduce risk for the protection of KP’s data and systems. Hundreds of business app owners receive the identity information through a daily data feed. This service also provides a user interface for custom reporting in Business Intelligence (BI) Publisher as part of the Oracle stack.

When to use this service

This service is available to clients who need to provide application identity access data to IAM for the purpose of consuming other IAM services, e.g. Termination Notification Service, Access Review & Recertification, and Identity & Access Reporting.

Getting Started

You have two ways to request this service:

Virtual Directory Service

This directory service allows multiple directories that have different schemas and attributes, and that answer over different protocols (LDAP, Kerberos, OIDC), to respond as if they were a single directory regardless of the protocol used.

When to use this service

This service is typically not used by client applications. It is an infrastructure service that integrates with other directory platforms to provide seamless communications support for access and authentication to KP resources. IAM Consultation may be required.

Getting Started

You have two ways to request this service: